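How to re-sign or crack an Android application that prevents re-signing

Time: 2014-11-03 12:11:34

Tags: android apk android-espresso jar-signing

I am doing black-box Espresso UI testing on an application for which I only have the apk file. To run Espresso tests, the application under test and the tests must be signed with the same signature, so I have to re-sign the application apk. I tried to re-sign the application with these commands: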

zip -d $APK META-INF/\*
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $KEYSTORE -storepass $STOREPASS $APK $ALIAS
jarsigner -verify -verbose -certs $APK
zipalign -v 4 $APK $ALIGNED_APK 

The re-signed app was installed successfully. However, it cannot be launched. Here is the log from logcat:

11-03 11:12:08.546: I/ActivityManager(1020): START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.zg.zl/.ui.SplashActivity u=0} from pid 1128
11-03 11:12:08.546: W/WindowManager(1020): Failure taking screenshot for (246x410) to layer 21005
11-03 11:12:08.556: D/dalvikvm(795): WAIT_FOR_CONCURRENT_GC blocked 0ms
11-03 11:12:08.586: D/dalvikvm(795): GC_EXPLICIT freed 37K, 4% free 7917K/8195K, paused 0ms+1ms, total 27ms
11-03 11:12:08.586: D/dalvikvm(795): WAIT_FOR_CONCURRENT_GC blocked 0ms
11-03 11:12:08.596: D/dalvikvm(795): GC_EXPLICIT freed <1K, 4% free 7917K/8195K, paused 0ms+1ms, total 5ms
11-03 11:12:08.596: I/ActivityManager(1020): Start proc com.zg.zl for activity com.zg.zl/.ui.SplashActivity: pid=1587 uid=10044 gids={3003, 1015, 1006, 3002, 1028}
11-03 11:12:08.606: D/dalvikvm(795): WAIT_FOR_CONCURRENT_GC blocked 0ms
11-03 11:12:08.606: D/dalvikvm(795): GC_EXPLICIT freed <1K, 4% free 7917K/8195K, paused 1ms+1ms, total 6ms
11-03 11:12:08.617: E/Trace(1587): error opening trace file: No such file or directory (2)
11-03 11:12:08.646: D/dalvikvm(1587): WAIT_FOR_CONCURRENT_GC blocked 0ms
11-03 11:12:08.716: D/dalvikvm(1587): GC_CONCURRENT freed 155K, 3% free 8200K/8391K, paused 21ms+1ms, total 40ms
11-03 11:12:08.756: D/dalvikvm(1587): GC_CONCURRENT freed 118K, 3% free 8497K/8711K, paused 15ms+0ms, total 21ms
11-03 11:12:08.806: D/dalvikvm(1587): GC_CONCURRENT freed 127K, 3% free 8808K/9031K, paused 12ms+0ms, total 17ms
11-03 11:12:08.816: I/ActivityThread(1587): Pub com.zg.zl.db.preferencesprovider: com.zg.zl.db.PreferencesProvider
11-03 11:12:08.826: D/dalvikvm(1587): Trying to load lib /mnt/asec/com.zg.zl-1/lib/libzl_native_lib.so 0xb55cfc48
11-03 11:12:08.826: D/dalvikvm(1587): Added shared lib /mnt/asec/com.zg.zl-1/lib/libzl_native_lib.so 0xb55cfc48
11-03 11:12:08.826: D/dalvikvm(1587): Trying to load lib /mnt/asec/com.zg.zl-1/lib/libzl_native_lib.so 0xb55cfc48
11-03 11:12:08.826: D/dalvikvm(1587): Shared lib '/mnt/asec/com.zg.zl-1/lib/libzl_native_lib.so' already loaded in same CL 0xb55cfc48
11-03 11:12:08.826: I/AndroidRuntime(1587): VM exiting with result code 0, cleanup skipped.
11-03 11:12:08.846: I/ActivityManager(1020): Process com.zg.zl (pid 1587) has died.
11-03 11:12:08.846: W/ActivityManager(1020): Force removing ActivityRecord{b59377c8 com.zg.zl/.ui.SplashActivity}: app died, no saved state
11-03 11:12:08.886: W/InputMethodManagerService(1020): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@b59228a0 attribute=null
11-03 11:13:16.597: D/dalvikvm(1116): GC_CONCURRENT freed 384K, 7% free 8482K/9031K, paused 0ms+0ms, total 7ms

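(If I delete the META-INF folder from the re-signed apk and add the META-INF folder from the original APK, the app can be installed and runs normally.)

I think the application prevents being re-signed with another certificate. How can I solve this problem?

1 answer:

Answer 0: (score: 0)

As I read somewhere, knowing how to pick a lock doesn't make you a burglar. Since this question hasn't received any answers, I would like to point people in the right direction, if they are interested.

First, you need to disassemble/decompile the application to smali code. A well-known tool for this is apktool / baksmali. dex2jar and jd-gui can be used to reverse the application to Java code, which helps in understanding the smali code.

Second, if an application has some kind of protection, it must make certain API calls. By searching for those API calls, you can identify the code that needs to be modified. In this case, the Java code may look like this: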

Context mContext = MainApplication.getApplicationContext();
// 64 == PackageManager.GET_SIGNATURES (0x40): request the package's signing certificates
byte[] signatureByteArray = mContext.getPackageManager().getPackageInfo(mContext.getPackageName(), 64).signatures[0].toByteArray();

The equivalent smali code is:

:try_start_0
invoke-static {}, Lcom/zing/zalo/app/MainApplication;->it()Landroid/content/Context;
move-result-object v1
invoke-virtual {v1}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v2
invoke-virtual {v1}, Landroid/content/Context;->getPackageName()Ljava/lang/String;
move-result-object v1
const/16 v3, 0x40
invoke-virtual {v2, v1, v3}, Landroid/content/pm/PackageManager;->getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;
move-result-object v1
iget-object v1, v1, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
const/4 v2, 0x0
aget-object v1, v1, v2
invoke-virtual {v1}, Landroid/content/pm/Signature;->toByteArray()[B
move-result-object v1

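In practice, applications are usually obfuscated, and an application can be protected against modification by other means, such as checking the file size. This is just a rough idea.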
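The signature check the answer describes, seen from the app developer's side, as an added example that is not part of the original answer or of the app's own code. The class name `SignerCheck` and the all-zero `EXPECTED_SHA256` value are placeholders assumed for illustration.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper: checks that the installed APK carries the expected signing certificate. */
public final class SignerCheck {
    // Placeholder: SHA-256 of the release signing certificate (DER bytes), 32 bytes.
    private static final byte[] EXPECTED_SHA256 = new byte[32];

    private SignerCheck() {}

    public static boolean isSignedByExpectedCert(Context ctx) {
        try {
            Signature[] signers = currentSigners(ctx);
            // Fail closed: this app expects exactly one signer.
            if (signers == null || signers.length != 1) return false;
            byte[] actual = MessageDigest.getInstance("SHA-256")
                    .digest(signers[0].toByteArray());
            // MessageDigest.isEqual compares in constant time.
            return MessageDigest.isEqual(EXPECTED_SHA256, actual);
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed on any lookup error
        }
    }

    @SuppressWarnings("deprecation")
    private static Signature[] currentSigners(Context ctx)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        String pkg = ctx.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            // API 28+: GET_SIGNATURES is deprecated in favour of SigningInfo.
            PackageInfo pi = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            if (pi.signingInfo == null || pi.signingInfo.hasMultipleSigners()) return null;
            return pi.signingInfo.getApkContentsSigners();
        }
        // Older releases: GET_SIGNATURES is the flag 0x40 (the literal 64 in the snippet above).
        return pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
    }
}
```

Because the check runs inside the APK it protects, it is one tamper-detection layer rather than a guarantee.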